Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1399
Views
0
Helpful
7
Replies

9800 WLC Version 17.3.5 Smart Licensing

jonathanw84
Level 1
Level 1

‎11-07-2022 05:48 AM

Hello,

We are in the process of migrating from our 5508 WLCs to new Catalyst 9800-40-K9 WLCs. Everything has been configured but I am having a difficult time with the Smart Licensing configuration. I've set up the trust between our device and CSSM, and there are no firewall policies blocking the communication. I have 433 Aironet DNA Essnetials Term Licenses available as well. Looking for assistance on this as TAC has been kind of slow to respond.

Thanks!

Labels:
0 Helpful
7 Replies 7

balaji.bandi
Hall of Fame
Hall of Fame

‎11-07-2022 07:51 AM - edited ‎11-07-2022 07:52 AM

Catalyst 9800-40-K9 WLC  registering with CSSM on prem ?

how is your config show on cat 9800 and what is the failure reason ?

post :

show license status
show license all

make sure you have right interface to connect CSSM

ip http client source-interface VXXXX

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

jonathanw84
Level 1
Level 1
In response to balaji.bandi

‎11-07-2022 08:40 AM

Hi BB,

Thanks for the reply.

According to the logs (and the GUI), the licensing trust configuration was successful:

Nov 7 07:22:28: %CRYPTO_ENGINE-5-KEY_ADDITION: A key named SLA-KeyPair has been generated or imported by SLA-KeyPair
Nov 7 07:22:28: %SMART_LIC-6-TRUST_INSTALL_SUCCESS: A new licensing trust code was successfully installed on P:C9800-40-K9,S:TTM2608030W.
Nov 7 07:22:28: %CRYPTO_ENGINE-5-KEY_DELETED: A key named SLA-KeyPair has been removed from key storage
Nov 7 07:22:28: %CRYPTO_ENGINE-5-KEY_ADDITION: A key named SLA-KeyPair has been generated or imported by SLA-KeyPair
Nov 7 07:22:28: %SMART_LIC-6-TRUST_INSTALL_SUCCESS: A new licensing trust code was successfully installed on P:C9800-40-K9,S:TTM2607024D.

Here is the "show license status" command you requested:

LAS-WLC01-9800-D-B1F1R03.05-29# show license status
Utility:
Status: DISABLED

Smart Licensing Using Policy:
Status: ENABLED

Data Privacy:
Sending Hostname: yes
Callhome hostname privacy: DISABLED
Smart Licensing hostname privacy: DISABLED
Version privacy: DISABLED

Transport:
Type: Smart
URL: https://smartreceiver.cisco.com/licservice/license
Proxy:
Not Configured

Policy:
Policy in use: Merged from multiple sources.
Reporting ACK required: yes (CISCO default)
Unenforced/Non-Export Perpetual Attributes:
First report requirement (days): 365 (CISCO default)
Reporting frequency (days): 0 (CISCO default)
Report on change (days): 90 (CISCO default)
Unenforced/Non-Export Subscription Attributes:
First report requirement (days): 90 (CISCO default)
Reporting frequency (days): 90 (CISCO default)
Report on change (days): 90 (CISCO default)
Enforced (Perpetual/Subscription) License Attributes:
First report requirement (days): 0 (CISCO default)
Reporting frequency (days): 0 (CISCO default)
Report on change (days): 0 (CISCO default)
Export (Perpetual/Subscription) License Attributes:
First report requirement (days): 0 (CISCO default)
Reporting frequency (days): 0 (CISCO default)
Report on change (days): 0 (CISCO default)

Miscellaneous:
Custom Id: <empty>

Usage Reporting:
Last ACK received: Oct 21 17:44:32 2022 PST
Next ACK deadline: <none>
Reporting push interval: 0 (no reporting)
Next ACK push check: <none>
Next report push: <none>
Last report push: Oct 21 17:39:15 2022 PST
Last report file write: <none>

Trust Code Installed:
Active: PID:C9800-40-K9,SN:TTM2608030W
INSTALLED on Nov 07 07:22:28 2022 PST
Standby: PID:C9800-40-K9,SN:TTM2607024D
INSTALLED on Nov 07 07:22:28 2022 PST

And "show license all":

LAS-WLC01-9800-D-B1F1R03.05-29#show license all
Smart Licensing Status
======================

Smart Licensing is ENABLED

Export Authorization Key:
Features Authorized:
<none>

Utility:
Status: DISABLED

Smart Licensing Using Policy:
Status: ENABLED

Data Privacy:
Sending Hostname: yes
Callhome hostname privacy: DISABLED
Smart Licensing hostname privacy: DISABLED
Version privacy: DISABLED

Transport:
Type: Smart
URL: https://smartreceiver.cisco.com/licservice/license
Proxy:
Not Configured

Miscellaneous:
Custom Id: <empty>

Policy:
Policy in use: Merged from multiple sources.
Reporting ACK required: yes (CISCO default)
Unenforced/Non-Export Perpetual Attributes:
First report requirement (days): 365 (CISCO default)
Reporting frequency (days): 0 (CISCO default)
Report on change (days): 90 (CISCO default)
Unenforced/Non-Export Subscription Attributes:
First report requirement (days): 90 (CISCO default)
Reporting frequency (days): 90 (CISCO default)
Report on change (days): 90 (CISCO default)
Enforced (Perpetual/Subscription) License Attributes:
First report requirement (days): 0 (CISCO default)
Reporting frequency (days): 0 (CISCO default)
Report on change (days): 0 (CISCO default)
Export (Perpetual/Subscription) License Attributes:
First report requirement (days): 0 (CISCO default)
Reporting frequency (days): 0 (CISCO default)
Report on change (days): 0 (CISCO default)

Usage Reporting:
Last ACK received: Oct 21 17:44:32 2022 PST
Next ACK deadline: <none>
Reporting push interval: 0 (no reporting)
Next ACK push check: <none>
Next report push: <none>
Last report push: Oct 21 17:39:15 2022 PST
Last report file write: <none>

Trust Code Installed:
Active: PID:C9800-40-K9,SN:TTM2608030W
INSTALLED on Nov 07 07:22:28 2022 PST
Standby: PID:C9800-40-K9,SN:TTM2607024D
INSTALLED on Nov 07 07:22:28 2022 PST

License Usage
=============

No licenses in use

Product Information
===================
UDI: PID:C9800-40-K9,SN:TTM2608030W

HA UDI List:
Active:PID:C9800-40-K9,SN:TTM2608030W
Standby:PID:C9800-40-K9,SN:TTM2607024D

Agent Version
=============
Smart Agent for Licensing: 5.0.14_rel/89

License Authorizations
======================
Overall status:
Active: PID:C9800-40-K9,SN:TTM2608030W
Status: NOT INSTALLED
Standby: PID:C9800-40-K9,SN:TTM2607024D
Status: NOT INSTALLED

Purchased Licenses:
No Purchase Information Available

With regard to the source interface, I am using the management interface:

ip http client source-interface GigabitEthernet0

Let me know if you need any additional information.

Thanks!




0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to jonathanw84

‎11-08-2022 09:34 AM

ip http client source-interface GigabitEthernet0

are you able to reach CSSM using this interface ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

jonathanw84
Level 1
Level 1
In response to balaji.bandi

‎11-08-2022 10:43 AM

Hi BB,

Are you referring to smartreceiver.cisco.com? If so, I cannot ping it or reach on the WLC or elsewhere. 

Thanks! 

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to jonathanw84

‎11-08-2022 11:43 AM

if you registering cisco cloud smart license you need to able to reach smart license server 443 port to register device ?

do you have any FW between or any proxy ?  ( WLC and cisco smartlicense cloud)

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Arshad Safrulla
VIP Alumni
VIP Alumni

‎11-08-2022 03:51 AM

Is your WLC is in HA? If not I would recommend using the offline method SLR. Similar to license installation process in the past.

Cisco Catalyst 9800 Series Wireless Controller Software Configuration Guide, Cisco IOS XE Amsterdam 17.3.x - Smart Licensing [Cisco Catalyst 9800 Series Wireless Controllers] - Cisco

If you need smart licensing syncing to Cloud, then you need the DNS to work properly. Check from the WLC itself whether it can resolve the domains.  Configure a name server by using the ip name-server command, and a domain lookup by using the ip domain-lookup command configured on the device to successfully resolve the FQDN. This must be enabled under the Mgmt-intf. 

ip name-server vrf Mgmt-intf 8.8.8.8

ip domain-name vrf Mgmt-intf cisco.com

___________________________________________
TAC recommended codes for AireOS WLC's
Best Practices for AireOS WLC's
TAC recommended codes for 9800 WLC's
Best Practices for 9800 WLC's
Cisco Wireless compatibility matrix
___________________________________________
Arshad Safrulla
0 Helpful

jonathanw84
Level 1
Level 1
In response to Arshad Safrulla

‎11-08-2022 05:04 AM

Hi Arshad,

Yes, our WLC is in HA (SSO). The name server and domain has been configured and has been working as expected. Results from a standard ping in the Mgmt-intf vrf:

LAS-WLC01-9800-D-B1F1R03.05-29#ping vrf Mgmt-intf cisco.com
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 72.163.4.185, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/32/33 ms

Here is the relevant configuration:
ip name-server vrf Mgmt-intf 10.50.4.31 10.48.4.16
ip domain lookup vrf Mgmt-intf source-interface GigabitEthernet0
ip domain name vrf Mgmt-intf XXXX.com
!
crypto pki trustpoint TP-self-signed-2680778750
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2680778750
revocation-check none
rsakeypair TP-self-signed-2680778750
!
license udi pid C9800-40-K9 sn TTM2608030W
license smart url default
license smart url smart https://smartreceiver.cisco.com/licservice/license
license smart transport smart

I've also generated the token in SCCM and issue the "license smart trust idtoken <token> all force" command. 

Thanks!




0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card